ID

VAR-202406-1440


CVE

CVE-2024-37369


TITLE

Rockwell Automation FactoryTalk View SE Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-30908

DESCRIPTION

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists and potentially gaining further access within the system. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States.

Trust: 1.44

sources: NVD: CVE-2024-37369 // CNVD: CNVD-2024-30908

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-30908

AFFECTED PRODUCTS

vendor: rockwell
model: automation factorytalk view se
scope: eq
version: v12

Trust: 0.6

sources: CNVD: CNVD-2024-30908

CVSS

SEVERITY

CNVD: CNVD-2024-30908
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-30908
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-30908

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

sources: NVD: CVE-2024-37369

PATCH

title: Patch for Rockwell Automation FactoryTalk View SE Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/565681

Trust: 0.6

sources: CNVD: CNVD-2024-30908

EXTERNAL IDS

db: NVD, id: CVE-2024-37369

Trust: 1.6

db: CNVD, id: CNVD-2024-30908

Trust: 0.6

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1674.html

Trust: 1.6

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369

SOURCES

db: CNVD, id: CNVD-2024-30908
db: NVD, id: CVE-2024-37369

LAST UPDATE DATE

2024-08-14T15:15:22.516000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-30908, date: 2024-07-08T00:00:00
db: NVD, id: CVE-2024-37369, date: 2024-06-17T12:42:04.623

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-30908, date: 2024-07-08T00:00:00
db: NVD, id: CVE-2024-37369, date: 2024-06-14T17:15:51.310